Protecting your identity is a harder task than it seems. Funny story, remember the guy that used to advertise his social security number on TV promoting his identity theft protection service? He doesn’t do that anymore, why? He got his identity stolen, multiple times. No joke.
So, if this guy has all the resources to be continually monitoring his credit and accounts and this can still happen, is there any hope for us mere mortals? The reality is a sad one. It’s a combination of luck and good practices. What do I mean?
You can do absolutely everything right and still get your identity stolen. Bad luck. This however, doesn’t mean that you don’t have to do everything in your power to protect yourself.
I recently went on the TV show Despierta America and spoke about some of the things you can do to protect your identity but in priority order, these two are high up there.
Strong passwords are only part of it
Passwords have been a problem but not for the reasons you think. Whenever I’m asked about passwords, the first thing that comes to mind is complexity. Passwords need to be complex, right? You’ve heard the spiel, a combination of letters, numbers, upper and lower cases, symbols, punctuation and let’s not forget, length, the longer the better. We have to make sure it’s not a real dictionary word, don’t include our personal information in it and never, ever, under no circumstances use the word ‘password’. But, you are not being told the whole story…
It’s true, a great password needs to have all of these attributes so it is hard to break by a brute force attack. A hacker uses a brute force or dictionary attack by trying every possible permutation and combination of numbers and letters and of course, the longer and more complex your password is, the longer it takes to crack it, but that might not protect you at all because that’s not necessarily the biggest problem with passwords. Let me explain.
Recycling is great, but not for your passwords
If you have this amazing password and you reuse it on every site you visit, you are exposing yourself more than you can imagine. Why? Simple. It just takes one of the sites to be compromised and your precious password is lost, no matter how impossible to crack it is. I can hear you saying in your mind, “Ariel, you don’t have to be paranoid, these companies are doing their best to protect my information and they are trustworthy, right?” Wrong!
Check out this list of the companies that have neglected to protect your personal information and you’ll find the cream of the crop such as:
JP Morgan Chase, Target, Home Depot, eBay, Adobe Systems, Anthem Insurance (Blue Cross) and many others.
As you can see, the biggest names, the most prestigious brands, all of them hacked, your information, compromised. Why? Simple.
In my years working as an information security consultant, I learned that whenever in doubt between conspiracy and ignorance, ignorance wins 99% of the time. It’s more likely that some irresponsible person left a server unpatched than that you were personally targeted by an advanced hacking team from China and Russia who colluded to steal your information. It doesn’t mean that these things don’t happen, it just means that information systems are so complex and have so many components, that it’s incredibly challenging to secure them all. While the good guys need to protect all of these thousands or millions of servers and computers, the bad guys just need to find one that’s not protected. Like the old saying goes, security is like a chain and you are only as protected and strong as your weakest link. What do I mean by all this? Let me tell you.
Do not reuse passwords between sites, especially the critical ones like your financial institutions.
So, how do we remember all of these complex passwords?
Use a password management solution
If we are going to stick to the principle of having complex, hard to crack passwords for all our important accounts, we can’t pretend to remember them all. After all, it’s pretty frustrating to try to login to your bank or credit card and not remember the password. They make you go through hoops and in the end, you might even be locked out of your account with only one terrifying recourse, having to pick up the phone and trying to talk to a human being. Good luck!
To avoid all this pain, you need to use a system that will remember all these passwords for you and be right every time. It needs to work on your computer, your phone and tablet. Here you have 3 password managers that can help you:
Use two-factor authentication
I can’t stress this enough. Two factor authentication is basically the combination of something you have with something you know. What do you know? Your password. What do you have? A unique text message sent to you, a unique code generated that nobody would have access to unless they have access to your phone and in the case of more advanced security systems, biometrics meaning your retina or fingerprint. We don’t work for the NSA, so let’s talk about the first two options.
If you use Gmail, you should definitely set this up. Here are Google’s Instructions:
To Turn on 2-Step Verification
When you enable 2-Step Verification (also known as two-factor authentication), you add an extra layer of security to your account. You sign in with something you know (your password) and something you have (a code sent to your phone).
Set up 2-Step Verification
- Go to the 2-Step Verification page. You might have to sign in to your Google Account.
- Select Get started.
- Follow the step-by-step setup process.
Once you’re finished, you’ll be taken to the 2-Step Verification settings page. Review your settings and add backup phone numbers. The next time you sign in, you’ll receive a text message with a verification code. You also have the option of using a Security Key for 2-Step Verification.
That’s wasn’t hard, was it?
In conclusion, if you use strong passwords, don’t reuse them, use a password manager and two-factor authentication and you’ve helped protect your identity significantly and decreased your chances of a hacker getting into your accounts considerably.